Checking Code Signing and Sandboxing Status in Code – Ole Begemann: "Can we do the same in code? Yes we can. With a lot of help from my coworkers Jörg Jacobsen (see his work on XPC and Sandboxing for the iMedia framework) and Christian Beer (who pointed me to the source code for the codesign utility), I wrote a category on NSBundle that can tell you for any application bundle: a) whether it has a valid code signature b) whether it is sandboxed and c) whether it was downloaded from the Mac App Store."

A really nice article and sample code about checking entitlements etc. The problem with using a category on NSBundle is that category methods are easily identified in the binary and can be hijacked.